In the Claims:

Please amend Claims 1, 7, 13, 20, 23, 52, 55 and 60; cancel Claims 12, 25, 54, 57-58 
and 61-62, and add new Claims 63-65, all as shown below. Applicant respectfully reserves the 
right to prosecute any originally presented or canceled claims in a continuing or future 
application. 

1. (Currently Amended) A system for single security administration comprising:

a first application server of a [[first]] transactional server type, which is configured to 
execute transaction processes including receiving transactional procedure calls from clients to 
initiate the transaction processes, wherein the first application server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the transactional procedure calls from clients to another 
application server for authorization; 

a second application server of a [[second]] non-transactional server type, which is
configured to administer security for the first application server, wherein the second application 
server includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the [[first]] transactional server type and the second non-transactional server 
type, and 

an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; and 
wherein, when a transactional procedure call to initiate a transaction is received from a
client [[to initiate a transaction]] at the first application server, the LDAP authentication server
plugin

identifies the user associated with the transactional procedure call,

determines that the second application server should authenticate the user,

initiates an LDAP session between the first application server and the second
application server, and

[[sends a query information]] forwards the transactional procedure call to the
embedded LDAP server,

wherein, upon receiving the transactional procedure call from the LDAP authentication
server plugin, the embedded LDAP server

processes the transactional procedure call,

determines a corresponding user information from the user profile database, and
returns the corresponding user information to the LDAP authentication server
plugin,

and wherein, after receiving [[receives]] from the embedded LDAP server a
corresponding user information as determined by the user profile database at the second
application server, [[and]] the LDAP authentication server plugin

creates a token reflecting [[the]] an authentication result based on the
corresponding user security information, which is subsequently used to authenticate the
client to participate in the transaction.

2. (Canceled). 

3. (Previously Presented) The system of claim 1 wherein said first application server is an
enterprise server.

4-6. (Canceled). 

7. (Currently Amended) The system of claim 1 wherein said transactional procedure call 
includes a query information that is query user information that specifies a particular user or
group of users. 

8. (Previously Presented) The system of claim 1 wherein the system includes a plurality of 
servers. 

9. (Original) The system of claim 8 wherein at least two of said plurality of servers include 
an LDAP authentication server. 

10. (Previously Presented) The system of claim 1, further comprising a user information 
cache that caches a copy of said user authentication information in case of a failure in a 
communication link between the first application server and the second application server. 
11. (Original) The system of claim 1 wherein the system is scalable to include multiple LDAP
authentication servers and/or multiple embedded LDAP servers. 

12. (Canceled). 

13. (Currently Amended) A method for providing single security administration comprising 
the steps of: 

providing a first application server of a [[first]] transactional server type, which is 
configured to execute transaction processes including receiving transactional procedure calls 
from clients to initiate the transaction processes, wherein the first server includes 

an access control list which defines user security information for use in 
authorizing the calls from clients, and 

a Lightweight Directory Access Protocol (LDAP) authentication server plugin 
which is configured to forward the transactional procedure calls from clients to another 
application server for authorization; 

providing a second application server of a [[second]] non-transactional server type, which is
configured to administer security for the first application server, wherein the second application 
server includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the [[first]] transactional server type and the second non-transactional server 
type, and 

an embedded LDAP server which is configured to receive and process the 
transactional procedure calls from the LDAP authentication server plugin; 
receiving a transactional procedure call to initiate a transaction from a client [[to initiate a
transaction]] at the first application server; [[and]]

performing, via the LDAP authentication server plugin, the steps of

identifying the user associated with the transactional procedure call,

determining that the second application server should authenticate the user, 

initiating a LDAP session between the first application server and the second 
application server, and 

[[sending a query information]] forwarding the transactional procedure call to the
embedded LDAP server[[,]];

receiving the transactional procedure call from the LDAP authentication server plugin at
the embedded LDAP server;

performing, via the embedded LDAP server, the steps of

processing the transactional procedure call,

determining a corresponding user information from the user profile database, and
returning the corresponding user information to the LDAP authentication server
plugin;

receiving from the embedded LDAP server a corresponding user information as
determined by the user profile database at the second application server[[,]]; and

creating, via the LDAP authentication server plugin, a token reflecting [[the]] an
authentication result based on the corresponding user security information, which is
subsequently used to authenticate the client to participate in the transaction.

14. (Original) The method of claim 13, further comprising the step, prior to issuing a call, of 
allowing a client to access a default security plugin. 

15. (Canceled). 

16. (Previously Presented) The method of claim 13 wherein said first application server is an 
enterprise server. 

17-19. (Canceled). 

20. (Currently Amended) The method of claim 13 [[wherein]] further comprising:

including in said transactional procedure call a query user information that is query user
information that specifies a particular user or group of users.

21. (Previously Presented) The method of claim 13, further comprising: including a plurality 
of servers. 

22. (Previously Presented) The method of claim 21 wherein at least two of said plurality of 
servers include a LDAP authentication server. 



Attorney Docket No.: ORACL-01416US1

Application No.: 10/731,371 
Advisory Action dated: April 28, 2010 
Reply dated: May 18, 2010 

23. (Currently Amended) The method of claim 13, further comprising: 

providing a user information cache that caches a copy of said user information. 

24. (Previously Presented) The method of claim 13, further comprising: 

being scalable to include multiple LDAP authentication servers and/or multiple 
embedded LDAP servers. 

25-51. (Canceled). 

52. (Currently Amended) The system of claim 1, wherein:

the [[session is a]] LDAP session [[that]] supports a single user security data store and
administration.

53. (Previously Presented) The system of claim 1, wherein:

the second application server supports backup or failover authentication.

54. (Canceled). 

55. (Currently Amended) The system of claim 53, further comprising: 

a migrating utility that takes user security information from the separate security 
repository associated with the first [[type]] application server and updates the security data 
repository associated with at least one of the [[plurality]] of second [[type]] application servers.

56. (Previously Presented) The system of claim 1, wherein:

the LDAP authentication server plugin at the first application server further

determines another second type server in a plurality of second type servers that
stores user and group information for a particular user, when a previously determined
second type server fails,

initiates a session between the first application server and said another second
type server,

passes query information from said authentication server to an embedded
LDAP server in said another second type server, and

receives corresponding user and group information from the embedded LDAP
server in said another second type server.

57-59. (Canceled).

60. (Currently Amended) A machine readable storage medium having instructions 
embedded thereon and performing the following functions when executed by a processor: 

providing a first application server of a [[first]] transactional server type, which is 
configured to execute transaction processes including receiving transactional procedure calls 
from clients to initiate the transaction processes, wherein the first server includes 

an access control list which defines user security information for use in
authorizing the calls from clients, and

a Lightweight Directory Access Protocol (LDAP) authentication server plugin
which is configured to forward the transactional procedure calls from clients to another
application server for authorization;

providing a second application server of a [[second]] non-transactional server type, which is
configured to administer security for the first application server, wherein the second application 
server includes 

a user profile database which includes security information for a plurality of 
users, including for each of the users a mapping of security credentials for that user 
between the [[first]] transactional server type and the second non-transactional server
type, and

an embedded LDAP server which is configured to receive and process the
transactional procedure calls from the LDAP authentication server plugin;
receiving a transactional procedure call to initiate a transaction from a client [[to initiate a
transaction]] at the first application server; and

performing, via the LDAP authentication server plugin, the steps of 

identifying the user associated with the call, 

determining that the second application server should authenticate the user, 
initiating a LDAP session between the first application server and the second
application server, and

[[sending a query information]] forward the transactional procedure call to the
embedded LDAP server[[,]];

receiving the transactional procedure call from the LDAP authentication server plugin at
the embedded LDAP server;

performing, via the embedded LDAP server, the steps of

processing the transactional procedure call,

determining a corresponding user information from the user profile database, and
returning the corresponding user information to the LDAP authentication server
plugin;

receiving from the embedded LDAP server a corresponding user information as
determined by the user profile database at the second application server[[,]]; and

creating, via the LDAP authentication server plugin, a token reflecting [[the]] an
authentication result based on the corresponding user security information, which is
subsequently used to authenticate the client to participate in the transaction.

61. (Canceled). 

62. (Canceled). 

63. (New) The system of claim 1 wherein the second server include a console program for 
administering the security of the first server. 

64. (New) The system of claim 1 wherein the first application server also supports a 
separate authentication mechanism with a separate security repository and independent 
of the LDAP authentication server plugin. 

65. (New) The system of claim 1 wherein an administrator of the first server is mapped to 
an administrator for the second server by default. 